Fri Dec 24 12:26:06 GMT 2021
From
/weblog/security
How to use basic UNIX tool to steal other facebook identity -
http://blog.mostof.it/how-to-steal-a-facebook-identity/ More on BGP Attacks -
http://blog.wired.com/27bstroke6/2008/08/how-to-intercep.html Discussion of crack protection -
http://discuss.joelonsoftware.com/default.asp?design.4.579670 http://www.focusoncode.com/exe-packers-crypters-and-compressors/ , introduce tools -
http://www.pelock.com/ Ten Immutable Laws of Security
Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore
Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore
Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore
Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more
Law #5: Weak passwords trump strong security
Law #6: A computer is only as secure as the administrator is trustworthy
Law #7: Encrypted data is only as secure as the decryption key
Law #8: An out of date virus scanner is only marginally better than no virus scanner at all
Law #9: Absolute anonymity isn't practical, in real life or on the Web
Law #10: Technology is not a panacea
http://www.microsoft.com[..]s/security/essays/10imlaws.mspx?mfr=true An example of buffer overflow attack -
http://www.thegeekstuff.com/2013/06/buffer-overflow/ hack yourself! -
https://blog.codinghorror.com/hacker-hack-thyself/ How I Hacked Google App Engine: Anatomy of a Java Bytecode Exploit -
https://blog.polybdenum.com[..]-anatomy-of-a-java-bytecode-exploit.html Log4j MEGATHREAD -
https://www.reddit.com/r/java/comments/rhywh5/log4j_megathread/ How to Find Dangerous Log4j Libraries -
https://thenewstack.io/how-to-find-dangerous-log4j-libraries/
(google search)
(amazon search)
Sat Sep 26 15:54:02 GMT 2020
From
/weblog/security
Security Analysis of SMS as a Second Factor of Authentication -
https://queue.acm.org/detail.cfm?ref=rss&id=3425909
(google search)
(amazon search)
Tue Jun 20 06:44:56 GMT 2006
From
/weblog/security
Cases like that happen again and again and again... We really need to educate user about security:
http://www.dailytech.com/article.aspx?newsid=2914
(google search)
(amazon search)
Wed Apr 05 07:46:05 GMT 2006
From
/weblog/security
An article show how to test various security bug of website using HTTP header manipulation tool. However, look like using a HTTP client is more easy and scriptable?
http://www.onlamp.com/lpt/a/6268
(google search)
(amazon search)